We have PA 500 which links to 100 Mbps throughput as mentioned by datasheet.If we do link aggregation would it be possible for us to increase that ? Thanks in advance.
Hi, We have configured a site to site vpn between palo alto and cisco ASA. However, both sites are static and PA is the intiator, ACL is configured properly on Cisco side but I got the error: "IKE Phase-2 negotiation is failed as initiator, quick mode, Failed SA: 213.42.x.x [4500] - 185.141.x.x [4500] message id:xxxxx. Due to negotiation timeout...
Could someone here with documentation on packet level capture for fast path process ? Just for better understanding.
Hi, I am trying to setup machine cert authentication, but it appears I am missing something. Local user auth works fine without certificates. Gateway and Portal are on a single 3020 with 7.1. I created a local-CA and generated a cert for all windows 7 machines.I imported this cert into the Local Computer personal stores on the windows 7 compute...
Here are the steps I've tried in chaning the portal Global Protect.app without restarting the Mac: Packaged up /Library/Preferences/com. paloaltonetworks.GlobalProtect.settings.plist and ~/Library/Preferences/com. paloaltonetworks.GlobalProtect.settings.plist with the new <portal>Deployed package to both paths listed above (Mac does not ta...
Hello.Despite my best efforts I am unable to get this concept working. We have 1 x Palo Alto 3020.It has 2 Virtual routers configured. Both use 192.168.*.* networks. I'd like to access a machine in the neighbour VR, from the opposite VR. As the networks overlap, I presumed this would be a case of using NAT. I can't get the configuration to w...
Hi All, Having issue using Polycom mobile. On our side: No video and audioOn Dialed no: Video and Audio is working we translate trust network to a specific public address and allow Policy:trust network -> untrust to any destination and service.Untrust (public address of peer) -> Trust any destination and service. Palo Alto ALGs - Disabled ...
We are using dns name for user id and terminal server agents in firewall configurtaion like below However intermittelnly we are seeing red light on firewall and while checking directly on terminal server agent software, the firewall connection is vanished.We tried restaring services from server side. but no help. We suspect if something changes ...
GlobalProtect doesn't connect on my new windows 10 laptop (64 bit). I tried reinstall/reboot several times, but it didn't help. The PanGP Service log shows : 21:49:49:463 Debug(1241): Session 1, domain name XXXXX.(T4740) 05/12/16 21:49:49:463 Info (1276): Enumerate session: user xxxxx\xxxx logs in on session 1(T4740) 05/12/16 21:49:49:463 Debug...
Regards, have GlobalProtect 3.1.4-7 + N600 Wireless Dual Band Gigabit Router (TL-WDR3600).When using wifi everything is OK.When using LAN (UTP cable) VPN connection trough GP is interupcted periodicaly for couple of pings and then restored back. Im losing my nerves with this one.If connected trough LAN without Router (direct to the modem) everyt...
Hi, we are planning to upgrade our 3020 A/P Cluster to latest PANOS (7.0.x or 7.1.x). Currently we are runing 6.1.13. We want to do more SSL Decryption (Inbound & Forward Proxy). What are you thinking is the best and stable release for 3020 A/P Clusters and SSL Decryption? Is there a official site where we can check the palo alto recommended...
how will that packet flow ?what does offload processor exacly do ? understanding of itwhy it needs APP-ID completed
Hi Guys, Any specific Stress Test tools could be used for Palo, looking to generate a hundred thousand flows. Can Kali Linux or any others do this? Cheers,Myky
In our environment, we have eliminated the scourge of people being local administrators on computers, with the exception of administrative accounts assigned to some of the IT personnel. I'm thinking about blocking the DLL, DMG, EXE, MSI, and PE file types for everyone but IT personnel. Are there any caveats or big gotchas related to doing so? ...
All, Does anyone know a way to setup source-based Custom URL Lists containing domains as an alternative to using source-based IP addresses and address groups? I don't think it's possible in any of the current versions of PAN-OS but i am looking at options. For example, if i want to limit inbound SMTP to our edge Exchange server from the Microso...
